| SEVERITY | VULNERABILITY | AFFECTS | TYPE | PUBLISHED |
|---|---|---|---|---|
| H | Remote Code Execution (RCE) | diffy <3.4.1 | RubyGems | 24 Jun 2022 |
| H | Improper Encoding or Escaping of Output | motor-admin <0.2.61 | RubyGems | 22 Jun 2022 |
| L | Insecure Permissions | octopoller >=0.2.0, <0.3.0 | RubyGems | 16 Jun 2022 |
| M | Insufficiently Protected Credentials | mechanize <2.8.5 | RubyGems | 10 Jun 2022 |
| H | Deserialization of Untrusted Data | jmespath <1.6.1 | RubyGems | 7 Jun 2022 |
| M | Use of Uninitialized Resource | trilogy <2.1.1 | RubyGems | 7 Jun 2022 |
| M | Cross-site Scripting (XSS) | publify_core >=8.0, <9.2.5 | RubyGems | 6 Jun 2022 |
| L | Cross-site Request Forgery (CSRF) | solidus_backend <2.11.16; >=3.0.0, <3.0.6; >=3.1.0, <3.1.6 | RubyGems | 2 Jun 2022 |
| H | Denial of Service (DoS) | rack >=1.2, <2.0.9.1; >=2.1.0, <2.1.4.1; >=2.2.0, <2.2.3.1 | RubyGems | 28 May 2022 |
| C | Arbitrary Code Injection | rack <2.0.9.1; >=2.1.0, <2.1.4.1; >=2.2.0, <2.2.3.1 | RubyGems | 28 May 2022 |
| M | Improper Access Control | publify_core <9.2.9 | RubyGems | 24 May 2022 |
| M | Cross-site Scripting (XSS) | publify_core <9.2.9 | RubyGems | 24 May 2022 |
| H | Improper Handling of Unexpected Data Type | nokogiri <1.13.6-aarch64-linux | RubyGems | 20 May 2022 |
| H | Inadequate Encryption Strength | random_password_generator >=0.0.0 | RubyGems | 18 May 2022 |
| M | Cross-site Scripting (XSS) | publify_core <9.2.8 | RubyGems | 17 May 2022 |
| L | Information Exposure | publify_core <9.2.8 | RubyGems | 17 May 2022 |
| L | Improper Access Control | publify_core <9.2.8 | RubyGems | 17 May 2022 |
| M | CSV Injection | csv-safe <3.0.0 | RubyGems | 2 May 2022 |
| H | Improper Input Validation | sinatra <2.2.0 | RubyGems | 2 May 2022 |
| M | Cross-site Scripting (XSS) | actionview <5.2.7.1; >=6.0.0.beta1, <6.0.4.8; >=6.1.0.rc1, <6.1.5.1; >=7.0.0.alpha1, <7.0.2.4 | RubyGems | 27 Apr 2022 |
| M | Cross-site Scripting (XSS) | actionpack >=5.2.0, <5.2.7.1; >=6.0.0.beta1, <6.0.4.8; >=6.1.0.rc1, <6.1.5.1; >=7.0.0.alpha1, <7.0.2.4 | RubyGems | 27 Apr 2022 |
| M | Server-side Request Forgery (SSRF) | gibbon <3.4.4 | RubyGems | 25 Apr 2022 |
| M | SQL Injection | blazer <2.6.0 | RubyGems | 21 Apr 2022 |
| H | Command Injection | git <1.11.0 | RubyGems | 19 Apr 2022 |
| H | Out-of-bounds Write | nokogiri <1.13.4 | RubyGems | 12 Apr 2022 |
| H | Regular Expression Denial of Service (ReDoS) | nokogiri <1.13.4 | RubyGems | 12 Apr 2022 |
| H | Denial of Service (DoS) | nokogiri <1.13.4-aarch64-linux | RubyGems | 12 Apr 2022 |
| M | Time-Based One-Time Password (TOTP) Reuse | devise-two-factor <4.0.2 | RubyGems | 10 Apr 2022 |
| M | Denial of Service (DoS) | yajl-ruby <1.4.2 | RubyGems | 6 Apr 2022 |
| H | Command Injection | cocoapods-downloader <1.6.0; >=1.6.2, <1.6.3 | RubyGems | 1 Apr 2022 |